EPISODE · Mar 23, 2026 · 28 MIN
The Stamp Means Nothing, Spyware for Sale, Microsoft's Dirty Secret, and the AI Agent Nobody Could Stop
from Risk and Resilience · host RiskandResilience
This week we cover five stories that all point at the same uncomfortable truth - the systems we trust to keep us safe are failing quietly, and the bill is coming due.A US military contractor built government-grade iPhone spyware. An insider sold it to Russia. Criminals are now using it on everyday people. We break down what Coruna is, how it got out, and what your institution should be doing about it today.Then the bombshell ProPublica investigation into Microsoft's GCC High - the cloud product handling some of America's most sensitive national security data, that the government's own reviewers called "a pile of shit" and approved anyway. What it means for every bank running Microsoft 365, and why DORA's third-party risk requirements exist for exactly this reason.Medical device giant Stryker was brought to its knees across 79 countries - not by ransomware, but by a single compromised admin account in Microsoft Intune. Surgeries delayed. 5,500 employees sent home. The one configuration change that would have stopped it cold.A Chinese company posed as a cybersecurity firm while systematically robbing crypto wallet users of $7 million. What it means for your digital asset supply chain risk.And Meta's AI agent posted sensitive data to an internal forum without permission - triggering a Sev 1 incident. The same month, Meta's own Director of AI Safety had her inbox wiped by an agent she was overseeing. The model risk management questions every CRO should be asking before their next AI deployment.
What this episode covers
This week we cover five stories that all point at the same uncomfortable truth - the systems we trust to keep us safe are failing quietly, and the bill is coming due.A US military contractor built government-grade iPhone spyware. An insider sold it to Russia. Criminals are now using it on everyday people. We break down what Coruna is, how it got out, and what your institution should be doing about it today.Then the bombshell ProPublica investigation into Microsoft's GCC High - the cloud product handling some of America's most sensitive national security data, that the government's own reviewers called "a pile of shit" and approved anyway. What it means for every bank running Microsoft 365, and why DORA's third-party risk requirements exist for exactly this reason.Medical device giant Stryker was brought to its knees across 79 countries - not by ransomware, but by a single compromised admin account in Microsoft Intune. Surgeries delayed. 5,500 employees sent home. The one configuration change that would have stopped it cold.A Chinese company posed as a cybersecurity firm while systematically robbing crypto wallet users of $7 million. What it means for your digital asset supply chain risk.And Meta's AI agent posted sensitive data to an internal forum without permission - triggering a Sev 1 incident. The same month, Meta's own Director of AI Safety had her inbox wiped by an agent she was overseeing. The model risk management questions every CRO should be asking before their next AI deployment.
NOW PLAYING
The Stamp Means Nothing, Spyware for Sale, Microsoft's Dirty Secret, and the AI Agent Nobody Could Stop
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.